<?php

namespace System\Lib\Twitter\Auth;

/**
 * Description of ASmRsaSHA1
 *
 * @author Elton Schivei Costa
 */
abstract class ASmRsaSHA1 extends ASignatureMethod
{

    // Up to the SP to implement this lookup of keys. Possible ideas are:
    // (1) do a lookup in a table of trusted certs keyed off of consumer
    // (2) fetch via http using a url provided by the requester
    // (3) some sort of specific discovery code based on request
    //
  // Either way should return a string representation of the certificate
    protected abstract function FetchPublicCert(Request &$request);

    // Up to the SP to implement this lookup of keys. Possible ideas are:
    // (1) do a lookup in a table of trusted certs keyed off of consumer
    //
  // Either way should return a string representation of the certificate
    protected abstract function FetchPrivateCert(Request &$request);

    public function CheckSignature(Request &$request, Customer &$consumer, Token &$token, \System\Types\String $signature)
    {
        $decoded_sig = \base64_decode($signature->ToString());

        $base_string = $request->GetSignatureBaseString();

        // Fetch the public key cert based on the request
        $cert = $this->FetchPublicCert($request);

        // Pull the public key ID from the certificate
        $publickeyid = \openssl_get_publickey($cert);

        // Check the computed signature against the one passed in the query
        $ok = \openssl_verify($base_string, $decoded_sig, $publickeyid);

        // Release the key resource
        \openssl_free_key($publickeyid);

        return $ok == 1;
    }

    public function BuildSignature(Request &$request, Customer &$consumer, Token &$token)
    {
        $base_string = $request->GetSignatureBaseString();
        $request->baseString = $base_string;

        // Fetch the private key cert based on the request
        $cert = $this->FetchPrivateCert($request);

        // Pull the private key ID from the certificate
        $privatekeyid = \openssl_get_privatekey($cert);

        // Sign using the key
        $ok = \openssl_sign($base_string, $signature, $privatekeyid);

        // Release the key resource
        \openssl_free_key($privatekeyid);

        return \base64_encode($signature);
    }

    public function GetName()
    {
        return "RSA-SHA1";
    }

}
